Package edu.uiuc.ncsa.oa2.servlet
Class OA2ATServlet
- java.lang.Object
-
- javax.servlet.GenericServlet
-
- javax.servlet.http.HttpServlet
-
- edu.uiuc.ncsa.security.servlet.AbstractServlet
-
- All Implemented Interfaces:
TransactionFilter
,edu.uiuc.ncsa.security.core.Logable
,Serializable
,javax.servlet.Servlet
,javax.servlet.ServletConfig
public class OA2ATServlet extends AbstractAccessTokenServlet2
Created by Jeff Gaynor
on 10/3/13 at 2:03 PM- See Also:
- Serialized Form
-
-
Field Summary
-
Fields inherited from class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.AbstractAccessTokenServlet2
txRecordCleanup
-
Fields inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.MyProxyDelegationServlet
caThread, kpt, lastAccessedThread, myproxyConnectionCache, myproxyConnectionCleanup, transactionCleanup
-
Fields inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.EnvServlet
ERROR_NOTIFICATION_BODY_KEY, ERROR_NOTIFICATION_SUBJECT_KEY, notificationListeners, storeUpdatesDone
-
-
Constructor Summary
Constructors Constructor Description OA2ATServlet()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected AuthorizationGrantImpl
checkAGExpiration(AuthorizationGrant ag)
Contract: if the token gets updated (might have to because of changes to token versions), return it.protected List<String>
convertToList(javax.servlet.http.HttpServletRequest req, String parameterName)
Convert a string or list of strings to a list of them.protected List<URI>
convertToURIList(javax.servlet.http.HttpServletRequest req, String parameterName)
protected OA2Client
createErsatz(edu.uiuc.ncsa.security.core.Identifier provisioningClientID, OA2Client ersatzClient, List<edu.uiuc.ncsa.security.core.Identifier> ersatzChain)
Takes a substitution chain and does the overrides.void
destroy()
protected IssuerTransactionState
doAT(IssuerTransactionState state, OA2Client client)
protected IssuerTransactionState
doAT(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, OA2Client client)
protected void
doIt(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected TransactionState
doRefresh(OA2Client client, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected void
doRFC8628(OA2Client client, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
device flowprotected boolean
executeByGrant(String grantType, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
Contains the tests for executing a request based on its grant type.protected ATRequest
getATRequest(javax.servlet.http.HttpServletRequest request, ServiceTransaction transaction, OA2Client client)
protected OA2ServiceTransaction
getByRT(RefreshToken refreshToken)
protected OA2SE
getOA2SE()
protected OA2TokenForge
getTF2()
protected ServiceTransaction
getTransaction(AuthorizationGrant ag, javax.servlet.http.HttpServletRequest req)
protected String
listToString(List scopes)
void
preprocess(TransactionState state)
Note that if you override this, you should call super, which sets some security-related headers, but touches nothing else.protected void
rollback(edu.uiuc.ncsa.security.storage.XMLMap backup)
protected void
rollback(edu.uiuc.ncsa.security.storage.XMLMap backup, TXRecord txRecord)
ServiceTransaction
verifyAndGet(IssuerResponse iResponse)
This is called after the response is received so that the system can get the approproate transaction.-
Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.AbstractAccessTokenServlet2
doDelegation, doDelegation, getIssuerTransactionState, getIssuerTransactionState
-
Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.MultiAuthServlet
getAdminClient, getAdminClient, getClient, getClientSecret, verifyClientSecret
-
Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.MyProxyDelegationServlet
checkClientApproval, createDebugger, getAGI, getATI, getClient, getClient, getFirstParameters, getGrantIDFromRequest, getMPConnection, getMPConnection, getMyproxyConnectionCache, getMyproxyServices, getServiceEnvironment, getTransaction, getTransactionByGrantID, getTransactionStore, hasMPConnection, hasMPConnection, isEmpty, loadProperties2, newTransaction, postprocess, realStoreUpdates, say, shutdownCleanup, storeUpdates
-
Methods inherited from class edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.EnvServlet
addNotificationListener, loadEnvironment, processStoreCheck, removeNotificationListener
-
Methods inherited from class edu.uiuc.ncsa.security.servlet.AbstractServlet
checkContentType, CONST, debug, doGet, doPing, doPost, error, error, getConfigurationLoader, getEnvironment, getExceptionHandler, getFirstParameterValue, getInitialization, getMyLogger, handleException, info, init, isDebugOn, printAllParameters, printAllParameters, resetState, setConfigurationLoader, setDebugOn, setEnvironment, setExceptionHandler, setInitialization, warn
-
Methods inherited from class javax.servlet.http.HttpServlet
doDelete, doHead, doOptions, doPut, doTrace, getLastModified, service, service
-
-
-
-
Method Detail
-
destroy
public void destroy()
- Specified by:
destroy
in interfacejavax.servlet.Servlet
- Overrides:
destroy
in classMyProxyDelegationServlet
-
preprocess
public void preprocess(TransactionState state) throws Throwable
Description copied from class:MyProxyDelegationServlet
Note that if you override this, you should call super, which sets some security-related headers, but touches nothing else.- Specified by:
preprocess
in interfaceTransactionFilter
- Overrides:
preprocess
in classMyProxyDelegationServlet
- Throws:
Throwable
-
executeByGrant
protected boolean executeByGrant(String grantType, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Throwable
Contains the tests for executing a request based on its grant type. over-ride this as needed by writing your code then calling super. Returntrue
is the request is serviced and false otherwise. This is invoked in thedoIt(HttpServletRequest, HttpServletResponse)
method. If a grant is given' that is not supported in this method, the servlet should reject the request, as per the OAuth 2 spec.- Parameters:
request
-response
-- Throws:
Throwable
-
createErsatz
protected OA2Client createErsatz(edu.uiuc.ncsa.security.core.Identifier provisioningClientID, OA2Client ersatzClient, List<edu.uiuc.ncsa.security.core.Identifier> ersatzChain)
Takes a substitution chain and does the overrides. Any int or long < 0 is assumed unset and is skipped.- Parameters:
provisioningClientID
-ersatzClient
-ersatzChain
-- Returns:
-
convertToList
protected List<String> convertToList(javax.servlet.http.HttpServletRequest req, String parameterName)
Convert a string or list of strings to a list of them. This is for lists of space delimited values The spec allows for multiple value which in practice can also mean that a client makes the request with multiple parameters, so we have to snoop for those and for space delimited strings inside of those. This is used by RFC 8693 and specific to it.- Parameters:
req
-parameterName
-- Returns:
-
convertToURIList
protected List<URI> convertToURIList(javax.servlet.http.HttpServletRequest req, String parameterName)
-
doIt
protected void doIt(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Throwable
- Overrides:
doIt
in classAbstractAccessTokenServlet2
- Throws:
Throwable
-
getATRequest
protected ATRequest getATRequest(javax.servlet.http.HttpServletRequest request, ServiceTransaction transaction, OA2Client client)
- Specified by:
getATRequest
in classAbstractAccessTokenServlet2
-
checkAGExpiration
protected AuthorizationGrantImpl checkAGExpiration(AuthorizationGrant ag)
Description copied from class:AbstractAccessTokenServlet2
Contract: if the token gets updated (might have to because of changes to token versions), return it. If no changes, return null.- Specified by:
checkAGExpiration
in classAbstractAccessTokenServlet2
- Returns:
-
getOA2SE
protected OA2SE getOA2SE()
-
doAT
protected IssuerTransactionState doAT(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, OA2Client client) throws Throwable
- Throws:
Throwable
-
doAT
protected IssuerTransactionState doAT(IssuerTransactionState state, OA2Client client) throws Throwable
- Throws:
Throwable
-
getByRT
protected OA2ServiceTransaction getByRT(RefreshToken refreshToken) throws IOException
- Throws:
IOException
-
getTF2
protected OA2TokenForge getTF2()
-
doRefresh
protected TransactionState doRefresh(OA2Client client, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws Throwable
- Throws:
Throwable
-
rollback
protected void rollback(edu.uiuc.ncsa.security.storage.XMLMap backup) throws IOException
- Throws:
IOException
-
rollback
protected void rollback(edu.uiuc.ncsa.security.storage.XMLMap backup, TXRecord txRecord) throws IOException
- Throws:
IOException
-
verifyAndGet
public ServiceTransaction verifyAndGet(IssuerResponse iResponse) throws IOException
Description copied from class:MyProxyDelegationServlet
This is called after the response is received so that the system can get the approproate transaction. Checks for the validity of the transaction should be done here too.- Specified by:
verifyAndGet
in classMyProxyDelegationServlet
- Returns:
- Throws:
IOException
-
getTransaction
protected ServiceTransaction getTransaction(AuthorizationGrant ag, javax.servlet.http.HttpServletRequest req) throws javax.servlet.ServletException
- Specified by:
getTransaction
in classAbstractAccessTokenServlet2
- Throws:
javax.servlet.ServletException
-
-